FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 28c575fa-784e-11e3-8249-001cc0380077
Description: libXfont -- Stack buffer overflow in parsing of BDF font files in libXfont

freedesktop.org reports:

A BDF font file containing a longer than expected string can cause a buffer overflow on the stack. Testing in X servers built with Stack Protector resulted in an immediate crash when reading a user-provided specially crafted font.

As libXfont is used to read user-specified font files in all X servers distributed by X.Org, including the Xorg server which is often run with root privileges or as setuid-root in order to access hardware, this bug may lead to an unprivileged user acquiring root privileges in some systems.


Discovery 2013-12-24
Entry 2014-01-08
libXfont < 1.4.7,1

CVE-2013-6462
http://lists.x.org/archives/xorg-announce/2014-January/002389.html
VuXML ID: 304409c3-c3ef-11e0-8aa5-485d60cb5385
Description: libXfont -- possible local privilege escalation

Tomas Hoger reports:

The compress/ LZW decompress implementation does not correctly handle compressed streams that contain code words that were not yet added to the decompression table. This may lead to arbitrary memory corruption. Successful exploitation may possibly lead to a local privilege escalation.


Discovery 2011-07-26
Entry 2011-08-11
Modified 2012-03-13
libXfont < 1.4.4_1,1

CVE-2011-2895
https://bugzilla.redhat.com/show_bug.cgi?id=725760